[RHEL7,COMMIT] nfs: protect callback execution against per-net callback thread shutdown

Submitted by Konstantin Khorenko on Nov. 7, 2017, 9:16 a.m.


Message ID 201711070916.vA79GkuX023408@finist_ce7.work
State New
Series "nfs: protect callback execution against per-net callback thread shutdown"

Commit Message

Konstantin Khorenko Nov. 7, 2017, 9:16 a.m.
The commit is pushed to "branch-rh7-3.10.0-693.1.1.vz7.37.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-693.1.1.vz7.37.21
commit 163d706e88397ff953321004ef6cc34da93b509d
Author: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
Date:   Tue Nov 7 12:16:46 2017 +0300

    nfs: protect callback execution against per-net callback thread shutdown

    The problem is that per-net SUNRPC transports shutdown is done regardless
    of current callback execution. This is a race leading to transport use-after-free
    in callback handler.

    This patch fixes it in a straightforward way. I.e. it protects callback
    execution with the same mutex used for per-net data creation and destruction.
    Hopefully, it won't slow down NFS client significantly.

    Signed-off-by: Stanislav Kinsburskiy <skinsbursky@parallels.com>
 fs/nfs/callback.c | 3 +++
 1 file changed, 3 insertions(+)


diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c
index 0beb275..82e8ed1 100644
--- a/fs/nfs/callback.c
+++ b/fs/nfs/callback.c
@@ -118,6 +118,7 @@  nfs41_callback_svc(void *vrqstp)
 		prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE);
+		mutex_lock(&nfs_callback_mutex);
 		if (!list_empty(&serv->sv_cb_list)) {
 			req = list_first_entry(&serv->sv_cb_list,
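
Review bot: mutex_lock(&nfs_callback_mutex) is called immediately after prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE), so a sleeping lock is acquired while the task state is no longer TASK_RUNNING. If the mutex is contended, the thread sleeps inside mutex_lock() and comes back in TASK_RUNNING, which discards the state prepare_to_wait() just set. Taking the mutex before prepare_to_wait() would avoid that; if the ordering has to stay as it is, a comment at the lock site should explain why it is safe.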
@@ -129,8 +130,10 @@  nfs41_callback_svc(void *vrqstp)
 			error = bc_svc_process(serv, req, rqstp);
 			dprintk("bc_svc_process() returned w/ error code= %d\n",
+			mutex_unlock(&nfs_callback_mutex);
 		} else {
+			mutex_unlock(&nfs_callback_mutex);
 			finish_wait(&serv->sv_cb_waitq, &wq);
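
Review bot: in the non-empty branch nfs_callback_mutex stays held across bc_svc_process() and the dprintk() that follows, so every callback is processed under the same mutex that the commit message says serializes per-net data creation and destruction. That closes the use-after-free window, but it also means per-net setup and teardown wait for any in-flight callback, and the commit message offers only "Hopefully, it won't slow down NFS client significantly" as the cost assessment. A comment at the lock site stating what the mutex protects here (the transport's lifetime during callback execution) would help the next reader, and the mutex_unlock() could move ahead of the dprintk(). A narrower scheme, such as holding a reference on the transport for the duration of the callback, is worth considering as a follow-up.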